Listing Description
• A minimum of three (3) years’ experience performing security incident detection and response including security investigations and forensics analysis, containing and remediating identified incidents, securely gathering artifacts & malware samples, analyzing malware to determine scope and potential impact, and communicating/reporting incidents for executive review
• Understanding of networking and infrastructure design concepts and communications protocols (TCP/IP, DNS, HTTP/S, LDAP, AD, UDP, NTP, load balancing, VPNs, network routing protocols, TLS)
• In-depth technical knowledge of Microsoft Windows OS architecture and application interfaces
• In-depth technical knowledge of cloud applications and services including AWS and Azure for performing security incident handling
• Hands-on experience utilizing endpoint and network security solutions for incident detection and response: Carbon Black, Splunk, Crowdstrike, Encase, FTK, Rapid7, behavioral analytics tools, data classification / DLP, firewalls, web proxy/content filtering, CASB, access management technologies, network protocol analysis, and email security technologies
• Ability to be successful in a matrixed organization by leading through influence
• Ability to adapt to a dynamic environment and changing business requirements
Balances understanding and need for business priorities with emerging threats, incident handling best practices, and effective use of risk mitigation strategies to appropriately protect company information assets
Maintains strong information security knowledge of threat actor tactics, techniques, and procedures to identify potential risks and develop achievable and effective mitigation strategies
Proactively identifies security visibility and process gaps and works with colleagues to increasingly gain visibility in identified areas
Implements security incident detection and response methodologies, procedures, standards, and best practices that achieve timely and relevant identification and remediation of security matters
Serves as a leader and provides guidance in assisting IT and security personnel in the collection and review of artifacts pertaining to the investigation
Openly shares insights and recommendations with others to improve incident prevention, detection, and response functions to reduce the time to detect and respond to security incidents
Makes recommendations and helps create roadmaps for security control enhancements that streamline operational processes in a cost-effective manner
Provides technical guidance for the detection and remediation strategies of information security incidents across Danaher
Enhances Danaher’s incident response program including the on-going lifecycle of a security incident from pre-incident planning and preparation, to root cause identification, to final incident reports
Performs and leads technical investigations using leading industry investigation tools to analyze forensics images, memory, and log data to reconstruct events, determine impact, scope the investigation, and define next steps for containing the incident
Analyzes large and complex technical data sets to identify abnormal user, network, and system activity warranting further investigation using Splunk
Correlates disparate data sources, identifies commonalities, creates and recognizes fact patterns, and quickly formulates an achievable remediation strategy when handling a security incident
Develops and disseminates security incident tools, techniques, and training to bolster incident response capabilities across Danaher operating companies to achieve and maintain process efficiency and effectiveness
Easily adapts to changing evidence and newly obtained information in a methodical manner using all available tools and resources
Makes recommendations and implements improvements to the incident detection and response processes to reduce false-positive security events, evolve security alerting based on new IOCs, and reduce the mean time to detect and contain security incidents
Actively seeks new and innovative approaches to preventing and identifying malware infections utilizing endpoint and network security solutions, and advanced/emerging security technologies
Diligently and thoroughly tracks work and constructs timeline of events when handling an incident
Collaborates with business partners, key stakeholders, and internal departments to formulate technical response strategies to address information security incidents
Listing Details
- Salary: $150000 - $170000
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: Bachelor's Degree
- Travel: No Travel
- Telework: Optional Telecommute